SWE210 Software Security Week 1
Questions and Answers

What is the goal of an opponent in a passive attack?

Obtain information that is being transmitted

Give an example of a Type 1 passive attack.

Release of message contents (e.g. eavesdropping on a telephone conversation, reading an e-mail or a transferred file).

What can an opponent achieve through Traffic Analysis in a passive attack?

Even when the message contents are encrypted, the opponent can determine the location and identity of the communicating hosts and observe the frequency and length of the messages being exchanged, which may reveal the nature of the communication.

What is the goal of an opponent in an active attack?

Modification of the data stream or creation of a false data stream.

Give an example of a Type 1 active attack.

Masquerade (one entity pretends to be a different entity, e.g. by capturing and replaying an authentication exchange).

What happens in a Type 3 active attack involving the modification of messages?

Some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect.

What is the main goal of security in the context of software?

Protection of systems, data, and resources against unauthorized access, disclosure, alteration, or destruction.

Describe the impact of the Equifax data breach in 2017.

Personal information of approximately 147 million individuals was compromised, including names, Social Security numbers, birth dates, and addresses.

What was the cause of the Equifax data breach in 2017?

The breach stemmed from a known vulnerability in Apache Struts (CVE-2017-5638), a web application framework used by Equifax. A patch had been available for about two months before the intrusion but had not been applied to the affected system.

How was the SolarWinds supply chain attack in 2020 executed?

Attackers compromised SolarWinds' build process and inserted a backdoor (SUNBURST) into updates of the Orion platform. The trojanized updates were distributed through the legitimate, code-signed update channel, giving the attackers a foothold in every customer network that installed them.

What were the consequences faced by Equifax after the data breach?

Equifax faced financial and reputational damage, including lawsuits, regulatory investigations, Congressional hearings, and a 2019 settlement of at least $575 million with the FTC, the CFPB, and state attorneys general.

How did organizations respond to the SolarWinds supply chain attack?

Organizations rushed to identify affected Orion installations, apply SolarWinds' fixed releases, and hunt for follow-on attacker activity, since the backdoored updates had been in circulation for months before the attack was disclosed in December 2020.

What was the cause of the Facebook data leak disclosed in 2018?

A vulnerability in Facebook's 'View As' feature (combined with a bug in the video uploader) allowed attackers to obtain access tokens for other users' accounts.

What type of user data was exposed during the Facebook data leak?

Access tokens for roughly 50 million accounts, which the attackers used to read profile data such as names, phone numbers, email addresses, and other personal information.

How did Facebook respond to the data leak?

Acknowledged the breach, fixed the vulnerability, reset the access tokens of the affected accounts (logging those users out), and notified affected users to review their privacy settings.

What are the three security goals emphasized in the text?

Confidentiality, Integrity, Availability.

Define Passive Attacks.

Attacks that make use of information from the system without affecting system resources (eavesdropping or monitoring of transmissions).

What is the significance of the CIA triad in cybersecurity?

It is the reference model for what "secure" means: confidentiality (no unauthorized disclosure), integrity (no unauthorized modification), and availability (systems and data reachable when needed). Every security control, and every attack, can be described by which of the three goals it protects or violates.

What is the purpose of a connection-oriented integrity service?

To assure that messages are received as sent, with no duplication, insertion, modification, reordering, or replays.

How does a connectionless integrity service differ from a connection-oriented one?

A connectionless integrity service deals with individual messages without regard to any larger context, so it generally provides protection against message modification only; it cannot detect replays, duplicates, or reordering because it keeps no state across messages.
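The difference between the two integrity services is easiest to see in code. The following is an added example, not part of the lesson: both receivers check an HMAC-SHA256 tag over the message, but only the connection-oriented receiver tracks a sequence number, so only it can reject replays, duplicates, and reordering. The shared key and the three frames are constructed for the example (how the key is established is out of scope).

```python
import hmac
import hashlib

# Constructed example key; in practice it comes from a key-establishment step.
KEY = b"example-shared-key-for-the-lesson"


def tag(key: bytes, seq: int, payload: bytes) -> bytes:
    """Integrity tag over (sequence number, payload) so the tag also binds position."""
    msg = seq.to_bytes(8, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def send(key: bytes, seq: int, payload: bytes) -> tuple:
    """Sender side: a frame is (seq, payload, tag)."""
    return (seq, payload, tag(key, seq, payload))


class ConnectionOrientedReceiver:
    """Accepts only unmodified, fresh, in-order frames."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0  # next sequence number we will accept

    def accept(self, frame: tuple) -> str:
        seq, payload, t = frame
        if not hmac.compare_digest(t, tag(self.key, seq, payload)):
            return "reject: modified or forged"
        if seq < self.expected:
            return "reject: replay or duplicate"
        if seq > self.expected:
            return "reject: reordered or gap (insertion/loss)"
        self.expected += 1
        return "accept"


class ConnectionlessReceiver:
    """Checks each frame in isolation: modification is detected, nothing else."""

    def __init__(self, key: bytes):
        self.key = key

    def accept(self, frame: tuple) -> str:
        seq, payload, t = frame
        if not hmac.compare_digest(t, tag(self.key, seq, payload)):
            return "reject: modified or forged"
        return "accept"


def demo() -> dict:
    """Run the attack cases from the lesson against both receivers."""
    payloads = [b"hello", b"transfer 10", b"bye"]
    frames = [send(KEY, i, p) for i, p in enumerate(payloads)]
    results = {}

    co = ConnectionOrientedReceiver(KEY)
    results["in_order"] = [co.accept(f) for f in frames]
    results["replay"] = co.accept(frames[1])              # seen before
    tampered = (frames[2][0], b"transfer 99", frames[2][2])  # payload changed, tag kept
    results["tampered"] = co.accept(tampered)

    co2 = ConnectionOrientedReceiver(KEY)                 # fresh connection
    results["reordered"] = [co2.accept(frames[1]), co2.accept(frames[0])]

    cl = ConnectionlessReceiver(KEY)
    results["connectionless_replay"] = [cl.accept(frames[1]), cl.accept(frames[1])]
    results["connectionless_tampered"] = cl.accept(tampered)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The connectionless receiver happily accepts the replayed "transfer 10" twice, which is exactly the gap the lesson describes; the tag alone proves the frame is authentic, not that it is new.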

What does non-repudiation aim to provide in a communication?

Protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.

What is the purpose of the 'Origin' aspect of non-repudiation?

Proof that the message was sent by the specified party.

How does encipherment contribute to data security?

It transforms data into a form that is not readily intelligible, using mathematical algorithms; recovering the data depends on the algorithm and on one or more encryption keys.

What is the function of a digital signature in data security?

Data appended to, or a cryptographic transformation of, a data unit that allows the recipient to prove the source and the integrity of the data and to protect against forgery (including forgery by the recipient, since only the signer holds the private key).
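A toy illustration of those two properties, added here and not part of the lesson: textbook RSA over a SHA-256 digest. The fixed Mersenne primes, the absence of a padding scheme (real systems use RSA-PSS or a modern scheme such as Ed25519), and the message contents are all assumptions for the sake of a self-contained, offline example; this code is insecure and for teaching only. It shows that a signature verifies only for the unmodified message (integrity) and only under the signer's public key (source).

```python
import hashlib

# Toy parameters (assumption): fixed Mersenne primes instead of randomly
# generated 2048-bit primes, and the common public exponent 65537.
P = 2**127 - 1
Q = 2**89 - 1
E = 65537


def keygen(p: int = P, q: int = Q, e: int = E):
    """Return ((n, e), (n, d)): public and private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent, e * d == 1 (mod phi)
    return (n, e), (n, d)


def _digest(n: int, message: bytes) -> int:
    # Sign a hash of the message, so any change to any byte changes the value
    # being signed. Reducing mod n stands in for a proper padding scheme.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message: bytes) -> int:
    n, d = priv
    return pow(_digest(n, message), d, n)


def verify(pub, message: bytes, signature: int) -> bool:
    n, e = pub
    return pow(signature, e, n) == _digest(n, message)


def demo() -> dict:
    """Constructed scenario: Alice signs a payment order; Mallory tries to tamper and forge."""
    alice_pub, alice_priv = keygen()
    # Mallory has her own key pair (different toy primes, also an assumption).
    _, mallory_priv = keygen(p=2**107 - 1, q=2**61 - 1)

    msg = b"pay 100 to bob"
    sig = sign(alice_priv, msg)
    return {
        # integrity + source: genuine message, genuine signature, Alice's key
        "genuine": verify(alice_pub, msg, sig),
        # integrity: message altered after signing
        "tampered_message": verify(alice_pub, b"pay 900 to bob", sig),
        # source: signed with Mallory's key, checked against Alice's public key
        "forged_by_mallory": verify(alice_pub, msg, sign(mallory_priv, msg)),
        # non-repudiation of origin: Alice cannot claim she did not sign it,
        # since only her private key produces a value that her public key accepts
        "recheck_later": verify(alice_pub, msg, sig),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```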

What is the definition of risk in cybersecurity?

Risk is the likelihood and potential impact of a threat exploiting a vulnerability to cause harm to an asset.

Give an example of a risk in cybersecurity related to data protection.

Risk of data breach: unauthorized access to sensitive customer information.

Define what an attack is in the context of cybersecurity.

An attack is an intentional or malicious act aimed at exploiting vulnerabilities and compromising the security of an asset or system.

Provide an example of a cybersecurity attack involving deceptive emails.

Phishing attack: deceptive emails or messages designed to trick users into revealing sensitive information.

What does mitigation refer to in cybersecurity?

Mitigation refers to the process of reducing the likelihood or impact of potential threats by addressing vulnerabilities and implementing security controls.

How can organizations mitigate cybersecurity risks related to malware?

Installing antivirus (endpoint protection) software and keeping it updated: protecting systems from malware and other malicious software.
